CVE-2017-9491

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.

Published: Jul 31, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-9491
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
cisco / dpc3939_firmware	dpc3939-p20-18-v303r20421733-160420a-cmcst	dpc3939-p20-18-v303r20421733-160420a-cmcst.x
cisco / dpc3939_firmware	dpc3939-p20-18-v303r20421746-170221a-cmcst	dpc3939-p20-18-v303r20421746-170221a-cmcst.x
cisco / dpc3939b_firmware	dpc3939b-v303r204217-150321a-cmcst	dpc3939b-v303r204217-150321a-cmcst.x
cisco / dpc3941t_firmware	dpc3941_2.5s3_prod_sey	dpc3941_2.5s3_prod_sey.x
commscope / arris_tg1682g_firmware	10.0.132.sip.pc20.ct	10.0.132.sip.pc20.ct.x
commscope / arris_tg1682g_firmware	tg1682_2.2p7s2_prod_sey	tg1682_2.2p7s2_prod_sey.x

https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-35.improper-cookie-flags.txt

Vulnerability Database

290,301

CVE-2017-9491